Google’s new DNS service

If you haven’t heard yet, Google has opened up their own public DNS servers. Many people I know would love to use them rather than their ISP’s DNS servers for various reasons – mostly due to lack of availability.

I’ve been using OpenDNS’s resolvers for the last year or so now, so this service isn’t exactly new, neither is the free option as OpenDNS has one. So what does Google bring to the table from a security perspective?

Google has a great document that they’ve created all about the security of their DNS service. Basically, they’re concerned about the availability (hence the overprovisioning), and the replay, birthday, and Kaminsky attacks. The only thing they might offer above and beyond your ISP is random ports and name server resolution. And in exchange, not only does Google get your searches, they get *every* web/e-mail/bittorrent/IRC server you go to. *put on privacy nut hat* Maybe I’m strange, but I’d prefer that Google – with their core competency as data and trends gathering – not have that much information about me.

Google has obviously considered the security implications of running public DNS servers, but is the “cost” worth it to you?